Query used:
{
"size": 0,
"query": {
"bool": {
"must": [
{
"match": {
"message": "<API_CALL_NAME>"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now"
}
}
}
]
}
},
{
"aggs": {
"api_calls": {
"terms": {
"field": "message",
"size": 10
}
}
}
}
}
but keep getting this error msg when i try to run in Kibana.
Error message : [bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME]
Can someone pls help/clarify? Ta!
Hi @Navaneeth_K,
Welcome! It's difficult to say with the lack of formatting, but I think there may have been an extra brace or character somewhere. Can you try the below:
GET index/_search
{
"size": 0,
"query": {
"bool": {
"must": [
{
"match": {
"message": "<API_CALL_NAME>"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now"
}
}
}
]
}
},
"aggs": {
"api_calls": {
"terms": {
"field": "message",
"size": 10
}
}
}
}
Hope that helps!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.